Security

Pump.fun Favorites Michi and Mini Recover After Exploit—But These Tokens Are Still Stuck

A purported former Pump.fun employee drained an estimated $2 million worth of Solana from the protocol yesterday. This resulted in wallet provider Phantom blocking the site, a number of tokens getting stuck in bonding curve contracts, and trading being paused.

Less than 24 hours later, it appears Pump.fun’s largest tokens have quickly recovered while the tokens affected by the attack are still stuck in limbo.

Pump.fun is a protocol that allows users to create a Solana meme coin in minutes for only 0.02 SOL ($3). This has resulted in the daily record for new Solana-based tokens minted being broken with a slew of meme coins being created.

Fortunately for meme enthusiasts, the Pump.fun team addressed the issue within seven hours of the attack. “Solana shit coins are back, and greater than ever,” the team posted on Twitter.

https://t.co/uE2QNKXkIT coin migration issue post-mortem

TL;DR:

1. the https://t.co/uE2QNKXkIT contracts are safe. they have always been safe
2. a former employee used their privileged position at the company to misappropriate ~12.3K SOL (~$1.9m)
3. https://t.co/uE2QNKXkIT is…

— pump.fun (@pumpdotfun) May 16, 2024

Not long after the protocol was hacked, its highest market cap tokens dipped. Michi, Pump.fun’s largest token, fell 6% while SelfieDogCoin, the third largest token on the platform, plummeted 23%, and Mini, the next largest, dropped 22%—all in a matter of hours.

Now the protocol says it has resolved the exploit and trading has resumed, these tokens have recovered.

Michi has climbed 28% since its mid-hack low, SelfieDogCoin has jumped 20%, and Mini has skyrocketed 55%. While in the short-term the hack negatively affected Pump.fun’s biggest tokens, it appears that now the protocol has recovered it’s just brought more attention to tokens on the platform.

Long live @pumpdotfun https://t.co/lbMwNAyA8t pic.twitter.com/pkh6Pzdytp

— michi (@michionsolana) May 16, 2024

However, these tokens had already become tradable on the Solana decentralized exchange (DEX) Raydium. This is done by reaching a market cap above $69,000 and completes a bonding curve (which adjusts an asset’s price relative to its supply). Once it reaches this milestone, the liquidity is moved to Solana trading platform Raydium—meaning that investors can begin trading it outside of Pump.fun.

Some on-chain sleuths deduced that with the aid of a private key—one only an employee of Pump.fun would have access to—the Pump.fun attacker appeared to target accounts completing this process, diverting funds earmarked for Raydium into unrelated wallet addresses.

This resulted in tokens that hit 100% during the time of the attack being stuck in limbo. Unfortunately, this has still not been resolved.

Tokens like Sim Wit Dicc, an NSFW token about the Sims game, Pre Wif, another dog coin, and Rnld Sweginatur, an Arnold Schwarzenegger meme, are all currently stuck. But the tokens are so small, there isn’t much of a community behind them to be outraged about it. That said, there are victims and Pump.fun intends to make these users whole.

“The Pump.fun team will seed the LPs for each affected coin with an equal or greater amount of SOL liquidity that the coin had at 15:21 UTC within the next 24 hours,” the official account wrote on Twitter. “Please bear with us as we aim to resume the trading of these coins in a safe and structured manner.

@STACCoverflow, thanks for the flush out of greed in the market.
You are taking it out from the peeps who shouldn’t be having it and giving it out to someone in need.
Love ya, no homo ✍️

— Likith (@Likithtweets) May 16, 2024

In the wake of the exploit, there has been a peculiar outpouring of love for the attacker. That’s because some people have been vocal in saying that Pump.fun is bad for Solana and the wider crypto community. In typical degen fashion, tokens dedicated to the attacker have started to appear.

And ironically, the two of the largest hacker tribute tokens that Decrypt found went to zero almost immediately.

Source

Click to rate this post!
[Total: 0 Average: 0]
Show More

Leave a Reply

Your email address will not be published. Required fields are marked *